Tolerate PKCS#8 DSA format with negative private key.
										3
								CHANGES
							| @@ -4,6 +4,9 @@ | |||||||
|  |  | ||||||
|  Changes between 0.9.8m (?) and 1.0.0  [xx XXX xxxx] |  Changes between 0.9.8m (?) and 1.0.0  [xx XXX xxxx] | ||||||
|  |  | ||||||
|  |   *) Tolerate yet another broken PKCS#8 key format: private key value negative. | ||||||
|  |      [Steve Henson] | ||||||
|  |  | ||||||
|   *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to |   *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to | ||||||
|      output hashes compatible with older versions of OpenSSL. |      output hashes compatible with older versions of OpenSSL. | ||||||
|      [Willy Weisz <weisz@vcpc.univie.ac.at>] |      [Willy Weisz <weisz@vcpc.univie.ac.at>] | ||||||
|   | |||||||
| @@ -403,6 +403,10 @@ int MAIN(int argc, char **argv) | |||||||
| 			BIO_printf(bio_err, "DSA public key include in PrivateKey\n"); | 			BIO_printf(bio_err, "DSA public key include in PrivateKey\n"); | ||||||
| 			break; | 			break; | ||||||
|  |  | ||||||
|  | 			case PKCS8_NEG_PRIVKEY: | ||||||
|  | 			BIO_printf(bio_err, "DSA private key value is negative\n"); | ||||||
|  | 			break; | ||||||
|  |  | ||||||
| 			default: | 			default: | ||||||
| 			BIO_printf(bio_err, "Unknown broken type\n"); | 			BIO_printf(bio_err, "Unknown broken type\n"); | ||||||
| 			break; | 			break; | ||||||
|   | |||||||
| @@ -237,8 +237,16 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) | |||||||
| 		} | 		} | ||||||
| 	else | 	else | ||||||
| 		{ | 		{ | ||||||
|  | 		const unsigned char *q = p; | ||||||
| 		if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) | 		if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) | ||||||
| 			goto decerr; | 			goto decerr; | ||||||
|  | 		if (privkey->type == V_ASN1_NEG_INTEGER) | ||||||
|  | 			{ | ||||||
|  | 			p8->broken = PKCS8_NEG_PRIVKEY; | ||||||
|  | 			ASN1_INTEGER_free(privkey); | ||||||
|  | 			if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen))) | ||||||
|  | 				goto decerr; | ||||||
|  | 			} | ||||||
| 		if (ptype != V_ASN1_SEQUENCE) | 		if (ptype != V_ASN1_SEQUENCE) | ||||||
| 			goto decerr; | 			goto decerr; | ||||||
| 		} | 		} | ||||||
|   | |||||||
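Review bot: The re-decode at the `d2i_ASN1_UINTEGER` line silently changes how the key's content octets are interpreted, and nothing in the hunk records why a negative INTEGER is accepted at all, so a later maintainer could reasonably tighten it back; a comment before the `if (privkey->type == V_ASN1_NEG_INTEGER)` check would fix that: `/* Some broken encoders emit the private key with the top bit set (presumably a missing leading zero octet); re-read the same TLV from q as an unsigned integer */`. Note that `p` has already been advanced by the first `d2i_ASN1_INTEGER` call while the second decode advances only `q`; both parse the same TLV so they should end at the same offset, but any code after the hunk that continues from `p` depends on that. On failure of the second decode `privkey` is reassigned NULL before `goto decerr`, so the earlier `ASN1_INTEGER_free` does not produce a double free at the cleanup label, provided `decerr` (outside the hunk) only frees `privkey` unconditionally — worth confirming. dsa_priv_decode begins and ends outside this hunk.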
| @@ -585,6 +585,7 @@ struct pkcs8_priv_key_info_st | |||||||
| #define PKCS8_NO_OCTET		1 | #define PKCS8_NO_OCTET		1 | ||||||
| #define PKCS8_EMBEDDED_PARAM	2 | #define PKCS8_EMBEDDED_PARAM	2 | ||||||
| #define PKCS8_NS_DB		3 | #define PKCS8_NS_DB		3 | ||||||
|  | #define PKCS8_NEG_PRIVKEY	4 | ||||||
|         ASN1_INTEGER *version; |         ASN1_INTEGER *version; | ||||||
|         X509_ALGOR *pkeyalg; |         X509_ALGOR *pkeyalg; | ||||||
|         ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ |         ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ | ||||||
|   | |||||||
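Review bot: The new `PKCS8_NEG_PRIVKEY` define carries no explanation, unlike the field comment on `pkey` a few lines below, even though these values are the vocabulary of the `broken` flag that the MAIN() switch in this commit reports on; a trailing comment would help: `#define PKCS8_NEG_PRIVKEY	4 /* private key INTEGER encoded negative, re-read as unsigned */`. The struct pkcs8_priv_key_info_st definition continues outside the hunk.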
| @@ -247,7 +247,9 @@ If an unpatched client attempts to connect to a patched OpenSSL server then | |||||||
| the attempt will succeed but renegotiation is not permitted. As required | the attempt will succeed but renegotiation is not permitted. As required | ||||||
| by the standard a B<no_renegotiation> alert is sent back to the client if | by the standard a B<no_renegotiation> alert is sent back to the client if | ||||||
| the TLS v1.0 protocol is used. If SSLv3.0 is used then renegotiation results | the TLS v1.0 protocol is used. If SSLv3.0 is used then renegotiation results | ||||||
| in a fatal B<handshake_failed> alert. | in a fatal B<handshake_failed> alert. If the patched server attempts to | ||||||
|  | renegotiate (existing applications which renegotiate may well do this) then | ||||||
|  | a fatal B<handshake_failed> alert is sent. | ||||||
|  |  | ||||||
| If a patched OpenSSL client attempts to connect to an unpatched server | If a patched OpenSSL client attempts to connect to an unpatched server | ||||||
| then the connection will fail because it is not possible to determine | then the connection will fail because it is not possible to determine | ||||||
|   | |||||||
	 Dr. Stephen Henson